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IN THE CLAIMS 

1 . (Previously Amended) A network connection control apparatus for granting or 
rejecting access when a device on a global network demands access to services provided on a 
local network, comprising: 

authentication means for authenticating the device on said global network in response to 
a service access request message; 

access permission entry creating means for creating an access permission entry in 
response to an access request from the device authenticated by said authentication means, and 
adding said access permission entry to an access permission list; and 

control means which, upon receiving a data packet sent from the device on said global 
network, determines whether or not said data packet should be transferred to said local network 
based on information extracted from the header of said data packet and on the access permission 
entry contained in said access permission list. 

2. (Original) A network connection control apparatus according to Claim 1, wherein 
said access permission entry creating means extracts access information from an access request 
packet transmitted from the authenticated device, thereby creating an access permission entry 
containing a source IP address, a destination IP address, a source port number, a destination port 
number and a last access permission time. 

3. (Original) A network connection control apparatus according to Claim 1, wherein 
said control means extracts a source IP address, a destination IP address, a source port number 
and a destination port number from the header of the data packet transmitted from the device on 
said global network, compares these extracted items of information with the information about 
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the access permission entry contained in said access permission list, and transfers said data 
packet to said local network if the two pieces of information correspond in all of the source IP 
address, destination IP address, source port number and destination port number. 

4. (Original) A network connection control apparatus according to Claim 1, wherein 
said control means eliminates the access permission entry corresponding to a relevant access 
from said access permission list in accordance with an access termination notification from the 
device on said global network. 

5. (Original) A network connection control apparatus according to Claim 1, wherein 
said control means calculates the length of time which elapsed from the last access based on a 
last access permission time stored in the access permission entry which corresponds to the time 
at which the data packet was received from the device on said global network, and eliminates the 
access permission entry from said access permission list when the elapsed time exceeds a 
predetermined reference time. 

6. (Original) A network connection control apparatus according to Claim 1, further 
comprising storage means for storing said access permission list. 

7. (Previously Amended) A network connection control method for granting or 
rejecting access when a device on a global network demands access to services provided on a 
local network, comprising the steps of: 

authenticating the device on said global network in response to a service access request 
message; 

creating an access permission entry in response to an access request from the 
authenticated device and adding the access permission entry to an access permission list; 
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determining, upon receiving a data packet from a device on said global network, whether 
or not said data packet should be transferred to said local network based on information extracted 
from the header of said data packet and on the access permission entry contained in said access 
permission list. 

8. (Original) A network connection control method according to Claim ?, wherein, 
in the step of creating the access permission entry, access information is extracted from an access 
request packet transmitted from the authenticated device, so that an access permission entry can 
be created which contains a source IP address, a destination IP address, a source port number, a 
destination port number and a last access permission time. 

9. (Original) A network connection control method according to Claim 7, wherein a 
source IP address, a source port number, a destination IP address and a destination port number 
are extracted from the header of the data packet transmitted from the device on said global 
network, and the extracted items of information are compared with information about the access 
permission entry contained in said access permission list, whereby said data packet is transferred 
to said local network if the two pieces of information correspond in all of the source IP address, 
destination IP address, source port number and destination port number. 



